Check accept key with websockets clients.

4 years ago · aa96c2d922
parent f5625f499f
commit aa96c2d922
5 changed files with 50 additions and 40 deletions
--- a/lib/http_client.c
+++ b/lib/http_client.c
@ -59,6 +59,9 @@ int http_c__context_init(struct mosquitto *context)
 	if(create_request_key(&key)){
 		return MOSQ_ERR_UNKNOWN;
 	}
+	if(ws__create_accept_key(key, strlen(key), &context->wsd.accept_key)){
+		return MOSQ_ERR_UNKNOWN;
+	}

 	packet = mosquitto__calloc(1, sizeof(struct mosquitto__packet) + 1024 + WS_PACKET_OFFSET);
 	if(!packet) return MOSQ_ERR_NOMEM;
@ -84,6 +87,7 @@ int http_c__context_init(struct mosquitto *context)

 int http_c__context_cleanup(struct mosquitto *context)
 {
+	SAFE_FREE(context->wsd.accept_key);
 	mosquitto__FREE(context->http_request);
 	return MOSQ_ERR_SUCCESS;
 }
@ -102,7 +106,6 @@ int http_c__read(struct mosquitto *mosq)
 	struct phr_header http_headers[100];
 	const char *client_key = NULL;
 	size_t client_key_len = 0;
-	char *accept_key;
 	size_t i;
 	bool header_have_upgrade;
 	bool header_have_connection;
@ -221,7 +224,10 @@ int http_c__read(struct mosquitto *mosq)
 		// FIXME - 404
 		return MOSQ_ERR_UNKNOWN;
 	}
-	/* FIXME - check key */
+	if(strncmp(mosq->wsd.accept_key, client_key, client_key_len)){
+		// FIXME - 50x
+		return MOSQ_ERR_UNKNOWN;
+	}

 	http_c__context_cleanup(mosq);
 	ws__context_init(mosq);
--- a/lib/mosquitto_internal.h
+++ b/lib/mosquitto_internal.h
@ -247,6 +247,7 @@ struct mosquitto_msg_data{
 struct ws_data{
 	struct mosquitto__packet *out_packet;
 	char *http_path;
+	char *accept_key;
 	uint64_t payloadlen;
 	ssize_t pos;
 	int http_header_size;
--- a/lib/net_mosq.h
+++ b/lib/net_mosq.h
@ -91,6 +91,7 @@ UI_METHOD *net__get_ui_method(void);
 #if defined(WITH_WEBSOCKETS) && WITH_WEBSOCKETS == WS_IS_BUILTIN
 void ws__context_init(struct mosquitto *mosq);
 void ws__prepare_packet(struct mosquitto *mosq, struct mosquitto__packet *packet);
+int ws__create_accept_key(const char *client_key, size_t client_key_len, char **encoded);
 #endif

 #endif
--- a/lib/net_ws.c
+++ b/lib/net_ws.c
@ -22,7 +22,9 @@ Contributors:

 #include <errno.h>
 #include <stddef.h>
+#include <string.h>

+#include "base64_mosq.h"
 #include "mosquitto_internal.h"
 #include "memory_mosq.h"
 #include "mqtt_protocol.h"
@ -326,4 +328,41 @@ ssize_t net__read_ws(struct mosquitto *mosq, void *buf, size_t count)
 	return len;
 }

+int ws__create_accept_key(const char *client_key, size_t client_key_len, char **encoded)
+{
+	const EVP_MD *digest;
+	EVP_MD_CTX *evp;
+	uint8_t accept_key_hash[EVP_MAX_MD_SIZE];
+	unsigned int accept_key_hash_len;
+
+	digest = EVP_get_digestbyname("sha1");
+	if(!digest){
+		return MOSQ_ERR_UNKNOWN;
+	}
+
+	evp = EVP_MD_CTX_new();
+	if(EVP_DigestInit_ex(evp, digest, NULL) == 0){
+		EVP_MD_CTX_free(evp);
+		return MOSQ_ERR_UNKNOWN;
+	}
+	if(EVP_DigestUpdate(evp, client_key, client_key_len) == 0){
+		EVP_MD_CTX_free(evp);
+		return MOSQ_ERR_UNKNOWN;
+	}
+	if(EVP_DigestUpdate(evp, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
+				strlen("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) == 0){
+
+		EVP_MD_CTX_free(evp);
+		return MOSQ_ERR_UNKNOWN;
+	}
+	if(EVP_DigestFinal_ex(evp, accept_key_hash, &accept_key_hash_len) == 0){
+		EVP_MD_CTX_free(evp);
+		return MOSQ_ERR_UNKNOWN;
+	}
+	EVP_MD_CTX_free(evp);
+
+	return base64__encode(accept_key_hash, accept_key_hash_len, encoded);
+}
+
+
 #endif
--- a/src/http_serv.c
+++ b/src/http_serv.c
@ -55,43 +55,6 @@ int http__context_cleanup(struct mosquitto *context)
 }


-static int create_accept_key(const char *client_key, size_t client_key_len, char **encoded)
-{
-	const EVP_MD *digest;
-	EVP_MD_CTX *evp;
-	uint8_t accept_key_hash[EVP_MAX_MD_SIZE];
-	unsigned int accept_key_hash_len;
-
-	digest = EVP_get_digestbyname("sha1");
-	if(!digest){
-		return MOSQ_ERR_UNKNOWN;
-	}
-
-	evp = EVP_MD_CTX_new();
-	if(EVP_DigestInit_ex(evp, digest, NULL) == 0){
-		EVP_MD_CTX_free(evp);
-		return MOSQ_ERR_UNKNOWN;
-	}
-	if(EVP_DigestUpdate(evp, client_key, client_key_len) == 0){
-		EVP_MD_CTX_free(evp);
-		return MOSQ_ERR_UNKNOWN;
-	}
-	if(EVP_DigestUpdate(evp, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
-				strlen("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")) == 0){
-
-		EVP_MD_CTX_free(evp);
-		return MOSQ_ERR_UNKNOWN;
-	}
-	if(EVP_DigestFinal_ex(evp, accept_key_hash, &accept_key_hash_len) == 0){
-		EVP_MD_CTX_free(evp);
-		return MOSQ_ERR_UNKNOWN;
-	}
-	EVP_MD_CTX_free(evp);
-
-	return base64__encode(accept_key_hash, accept_key_hash_len, encoded);
-}
-
-
 int http__write(struct mosquitto *mosq)
 {
 	return packet__write(mosq);
@ -242,7 +205,7 @@ int http__read(struct mosquitto *mosq)
 		return MOSQ_ERR_UNKNOWN;
 	}

-	if(create_accept_key(client_key, client_key_len, &accept_key)){
+	if(ws__create_accept_key(client_key, client_key_len, &accept_key)){
 		return MOSQ_ERR_UNKNOWN;
 	}